Static | ZeroBOX

PE Compile Time

2021-07-07 20:46:56

PE Imphash

385b4c734448931d8105f2b8af2a40a5

PEiD Signatures

Armadillo v1.71

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00005f7f 0x00006000 6.58234577648
.rdata 0x00007000 0x0000107a 0x00002000 3.46017634608
.data 0x00009000 0x000035dc 0x00003000 0.750457319682
.rsrc 0x0000d000 0x00001000 0x00001000 1.45866593687

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x0000d058 0x000004e4 LANG_ENGLISH SUBLANG_ENGLISH_US data

Imports

Library KERNEL32.dll:
0x407000 GetProcAddress
0x407004 lstrlenW
0x40700c LoadLibraryA
0x407018 GetStringTypeW
0x40701c GetStringTypeA
0x407020 LocalFree
0x407024 RtlUnwind
0x407028 GetCommandLineA
0x40702c GetVersion
0x407030 ExitProcess
0x407034 RaiseException
0x407038 HeapFree
0x40703c HeapAlloc
0x407040 GetCurrentThreadId
0x407044 TlsSetValue
0x407048 TlsAlloc
0x40704c SetLastError
0x407050 TlsGetValue
0x407054 GetLastError
0x407058 TerminateProcess
0x40705c GetCurrentProcess
0x407064 GetModuleFileNameA
0x407070 WideCharToMultiByte
0x40707c SetHandleCount
0x407080 GetStdHandle
0x407084 GetFileType
0x407088 GetStartupInfoA
0x40708c GetModuleHandleA
0x407094 GetVersionExA
0x407098 HeapDestroy
0x40709c HeapCreate
0x4070a0 VirtualFree
0x4070a4 WriteFile
0x4070b8 VirtualAlloc
0x4070bc HeapReAlloc
0x4070c0 IsBadWritePtr
0x4070c4 IsBadReadPtr
0x4070c8 IsBadCodePtr
0x4070cc GetCPInfo
0x4070d0 GetACP
0x4070d4 GetOEMCP
0x4070d8 MultiByteToWideChar
0x4070dc LCMapStringA
0x4070e0 LCMapStringW
Library USER32.dll:
0x407100 wsprintfW
Library ole32.dll:
0x407108 CoSetProxyBlanket
0x407110 CoInitialize
0x407114 CoCreateInstance
0x407118 CoUninitialize
Library OLEAUT32.dll:
0x4070e8 SysStringLen
0x4070ec SysAllocStringLen
0x4070f0 SysAllocString
0x4070f4 VariantClear
0x4070f8 SysFreeString

!This program cannot be run in DOS mode.
`.rdata
@.data
UVWSSSj
SSSSSPQ
QSSWUP
T$$SRP
D$0_^][d
D$ ShelP
D$(lExe
D$,cute
D$0ExW
T$(QRhD
D$ Clos
D$$eHan
D$(dle
T$<QRV
D$,GetF
D$0ileS
D$4ize
D$8Read
D$<File
D$PCrea
D$TteFi
D$XleW
D$\SetF
D$`ileP
D$doint
D$@ClosR
D$HeHan
D$Ldle
L$hPQR
D$4Show
D$8Wind
D$8GetM
D$<odul
D$@eFil
D$DeNam
D$HGetCP
D$Ponso
D$TleWi
D$Xndow
QQSVWd
t.;t$$t(
sO;>|C;~
8t9UW
SS@SSPVSS
t#SSUP
t$$VSS
_^][YY
VC20XC00U
VWuBhPw@
tPh4w@
HSVHWtgHHtF
[Sh`w@
"WWSh\w@
^Vh`w@
PVh\w@
PPPPPPPP
PPPPPPPP
tFGQPS
^}%95t
__GLOBAL_HEAP_SELECTED
__MSVCRT_HEAP_SELECT
runtime error
TLOSS error
SING error
DOMAIN error
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
abnormal program termination
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program:
<program name unknown>
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
H:mm:ss
dddd, MMMM dd, yyyy
M/d/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetProcAddress
lstrlenW
InterlockedDecrement
LoadLibraryA
GetEnvironmentVariableW
KERNEL32.dll
wsprintfW
USER32.dll
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitialize
ole32.dll
OLEAUT32.dll
LocalFree
RtlUnwind
GetCommandLineA
GetVersion
ExitProcess
RaiseException
HeapFree
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
VirtualAlloc
HeapReAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedIncrement
.?AV_com_error@@
.?AVtype_info@@
!This program cannot be run in DOS mode.
`.rsrc
api-ms-win-core-namedpipe-l1-1-0.pdb
.rdata
.rdata$zzzdbg
.edata
.rsrc$01
.rsrc$02
api-ms-win-core-namedpipe-l1-1-0.dll
ConnectNamedPipe
kernel32.ConnectNamedPipe
CreateNamedPipeW
kernel32.CreateNamedPipeW
CreatePipe
kernel32.CreatePipe
DisconnectNamedPipe
kernel32.DisconnectNamedPipe
GetNamedPipeClientComputerNameW
kernel32.GetNamedPipeClientComputerNameW
ImpersonateNamedPipeClient
advapi32.ImpersonateNamedPipeClient
PeekNamedPipe
kernel32.PeekNamedPipe
SetNamedPipeHandleState
kernel32.SetNamedPipeHandleState
TransactNamedPipe
kernel32.TransactNamedPipe
WaitNamedPipeW
kernel32.WaitNamedPipeW
Washington1
Redmond1
Microsoft Corporation1!0
Microsoft Time-Stamp PCA0
160330192130Z
170630192130Z0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:5847-F761-4F701%0#
Microsoft Time-Stamp Service0
Chttp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X
<http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Code Signing PCA0
150604174245Z
160904174245Z0
Washington1
Redmond1
Microsoft Corporation1
Microsoft Corporation0
MOPR1301
*31595+04079350-16fa-4c60-b6bf-9d2b1cd059840
Ehttp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl0Z
>http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt0
microsoft1-0+
$Microsoft Root Certificate Authority0
100831221932Z
200831222932Z0y1
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Code Signing PCA0
?http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
8http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0
`Ge`@N
microsoft1-0+
$Microsoft Root Certificate Authority0
070403125309Z
210403130309Z0w1
Washington1
Redmond1
Microsoft Corporation1!0
Microsoft Time-Stamp PCA0
microsoft1-0+
$Microsoft Root Certificate Authority
?http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
8http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0
1Jv1=+r
L&*H$_Z
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Code Signing PCA
http://www.microsoft.com/windows0
Washington1
Redmond1
Microsoft Corporation1!0
Microsoft Time-Stamp PCA
160728150034Z0#
Washington1
Redmond1
Microsoft Corporation1(0&
Microsoft Code Signing PCA 20100
151028203124Z
170128203124Z0
Washington1
Redmond1
Microsoft Corporation1
Microsoft Corporation0
MOPR1301
*38076+ad58a381-3343-4dd7-8833-0de83d41f5f00
Ehttp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_2010-07-06.crl0Z
>http://www.microsoft.com/pki/certs/MicCodSigPCA_2010-07-06.crt0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
100706204017Z
250706205017Z0~1
Washington1
Redmond1
Microsoft Corporation1(0&
Microsoft Code Signing PCA 20100
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
1http://www.microsoft.com/PKI/docs/CPS/default.htm0@
#Vx"&6
7Z>@B1
Washington1
Redmond1
Microsoft Corporation1(0&
Microsoft Code Signing PCA 2010
http://www.microsoft.com/windows0
20160728150037.763Z0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:31C5-30BA-7C911%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
100701213655Z
250701214655Z0|1
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
$`2X`F
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
1http://www.microsoft.com/PKI/docs/CPS/default.htm0@
oK0D$"<
r~akow
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
160427170619Z
170727170619Z0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:31C5-30BA-7C911%0#
Microsoft Time-Stamp Service0
Ehttp://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z
>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:31C5-30BA-7C911%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher NTS ESN:57F6-C1E0-554C1+0)
"Microsoft Time Source Master Clock0
20160728002501Z
20160729002501Z0w0=
dX*[)_
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
ZkLEjrb!
8v,)cml
)U]bc[
';VHw~{
Q&t0ik
8$ COW
IGkn){
3=ekjO
FEGq|%3
n[Ba6cf
jtRQi}JW
+iffCPvf
rU3|XX
YU72*/
f,0 kN
\1M,T5M
#PA;"/
*x:128
z?%)c>F}
:.fs;,
}s)&-oi
ln{{^.
dc([8B
nd)c>
"/9;12
%yv%.*
Eo)$ww
fkq7j<:
}G1k}X
oku^si
"o)lrw
b (!.
M3ke)l
)-h8[cfF
bFXOZ^
U+$ I@
TQ7jebNd
k1}("i
z2wm[%
f'Sn,>C
Yd+v=w
h$-cn(/
>+yFG$
j,'?i8
Ho.ouO
?-3wk( 1
+)cf,(bn
V.bc.!-s*p
2ds'A5:
$)o2Fe
9_,k%(d
i%Y?.H
9~Vvnw%
Z#:Xu n
a-CX~i
#&6?q-
ka+ a`=
i~>v2N{m
e-o'l*
fCKjb'.
SH!k3o
)`'T[/k
g+a*1YQ
MVng y
Q7ng/N
*Eebw;k9
"dfJD9
a'o&k%
m4+``X
Xd*d+dV
z$)Gq^
%/i"d.
>&pyn+
z[r<1NN
~dqtia-
Ewn&(`n
+e)OyV
gRef,>v
0.(dk<36i
TAIt|)d
'k$-ke
!/om,.
q7_l-
Fa_xNc$
typjX5
i=_C&+
U8a+ bE
.cifDJSV
Ybc\{>
pVbLo$1
3Bf]M
){Ggd%
c=+rdA
w}v<wUM
+]kkmU
/}/,Hk
GaN[T#k'
6kr"vj
sih,{3"
/?er>K]j(
k$-svl(
Qq.U%E
qt16n+^
f.g#:
<J S'X
/cWzC~
*)gh&(d
)2s'?i8
#.cn$(&
sUe[lU
<7'kEAJ
]Tnd{2
<|E u
zCv-LP
ENjh c
%"c'n+
_o{ezf
LTqX](
|4/y:b
,B)a;P
k/SuDm
eBLlP<
>\;_#c=
z<Fz,
.^%VlGS
WRwLWkk
E%MW3h
D=EtR`B,
s5Y7,(
JYgAIt|)
#<w7!;7
j$-gn,)
af/ (b
'6j+zv
m+h\%m
}a.mQ6Re
b&j+jN
j;zQE?zS&MX
Yg!{-2
kr"?14
3V1?-g
6d\NwN
ZfbGm
j"/ge,7
.h`i#o/c
nK}Xr4
k$-cr6
Nr,k"h
./LNfI
vIU)n.
IQ&k/[
{mj/,/
C~j<f|IA
u'k#'m
zFr&>N
o#N<s0
g=0 MA
j8;kh<
XUCe<8o
BNnTjS
](j4?2
fag+hl
y4';6\
'8? ':
kr"?1,
z4/ab8
832`q~$
~7gYM4
YI\] 4
_YTAYLT
1({a+Y}dsv
e] ^O
XjXjX"
Ve fANi
"c/~SOAT
@:ouz
,Q][gj
d8SvQ
n9}i%$
:j\]-*
*ed,/g$
.CducRe
)54--
KYT))6W
jfKWqd+l%
@M*f
>KI,3=-o
fh,>rL
h40m^?
~>f*%[
siAIf,)cn
ObCO}xq
[)ly~AJ
',-kb,
UY}BMr}Q
u)_Dxo
y:*)M@fS\
:&k8oq
74sa'V`,
Xa-5}h
h !h(
HN&fm,d
q$-sy_
p"8rm3
j*v9eXjW'E
As2"`iSyG
C)rA]
lBNieANRM2k/[
*n(hk'
Q[ulz
kW_[R`
Pm |9~0)a+
!FM+ k
|DdUv
x,T DO
6Bf+]3@
($m/q{%.aH
X` k/,
kD)i-Y
an+GRzg
v.a~SL`8#
*fy;O`
,5v-r/
X` k/,
mbkjHO
P h9qKS
SkaOTz
jc>!dH
q\It"!
(_T#x8
Bp-&d+z
(] Yc
hME /E
e;%+UK
;ucz#X
b$)k]^
,&?k8(
s4.{fh
XO}jWe
kfc>.p
vsi(n&
O.=YK/
_JT#0p
,k?<a`9:
a+CJi[0
mafkLn
D%"nj'
L[%($xG
jHHUCg
Sv*c.g
+ek%8v
Cn$!oe,
a/Ggi@
jjXgA@
h$GU^U6
mTE_@.
Cln+y7$e7
O8..W
xQ&/+#4sc%/gk
Q'`"
$(LB?}
g!l ;u,
cEM"m*
v0/(b~:c
=t)(tK
9*pl+i
<l;z&c
kgjdke
qTP8T
UQm)9fu
Ne/tNz
Nk*k&h
s|(vbW}
&`n!,j,~
s#u<"F
u,AH+%
i/j4&z)
Bl<4L#
?gaa%Y
Im.>'kr
/Lt[t@+
*$CMSC<.?
4-SZ$
(j{;a)C
pR.e)WJ>
/ha'd-~
"5jX6;
f|8!u$
ek2A!d
gw*':E-7
$*CFm"s
07[61v
b&9Mvt
b).bey
?N94C>
!Nk.@S
Z/9eml
Tz.lOQ5$b
]{=?:A&
su-)O#)'hF
IQ&k/[
b$ifBZ
^LB?}{?_%
|U{Tz5
k*/f#9~&lUk
,/g*cM
YLM\{J
'jO_P@
{7Wz7r
nZkPUF
mlU]g{
DwJyDN
})nRZO|
??fyIAv
k -0<I
cfJMa3
OK^ziM
Kf]]g
KdS<iR]v
j$-og&
fg,%mj
a3rJFo
qx=#:nM
(f)OyO
*Jq[IG
OYU a'
c(TZ!D
6&/f2_
-,c:~K
^e#l%j
&)eh#5
"#HIwv@C{
E#C6R
y:}?FDh
TuGVel
tlAt0tJ
$`\KZf6;pd
}H)]sFYwq
F~xql|
|Q$Hr_Tbp
1aEFOg/6eeD
$e2rH'
8{OJ|N
sr?x7Gb
mepn4/B3
2L*FEN
LXV8>5T
.2}sY0
oSkPX
U@_=%w
fZKndp;
9}y|7s
jTnIh~
kAcPik
|lq.r
gOFwee6
{*@M`P|
hx+Q5Mo
q`cED$
jn|hh
=aOt?\t
EE$CG2
v"n[f|
xyBsI<,i)
p>Qu1]d+
_8m$n$
~t)$}3
KxjTyg
ih%C@hG
22QJQu
H{wJ_rX
9ehF@O
uS[/~[B
BIYu_D
ffOkF~/
k=1gex
`@<M0u
j(&puM
Visi=1_
/;t~Fm
W)i%+G
EXD$C=
35w##>v
,[^bW^
'K&YMg
(,bnm`
-i!d,}
SK%l+g
nTBgKJ`
YH'-kJf
(J;rgX
/#d!N7
VH-ha.
o;0a+e
oo>v#p7
iW(Edqg)
{1}4h!
+ ,l/e4
oc/#dh
S7koyun#
G%ZQm#
fo"T')
a&E<Z-
mO+m'q{
sZq![C
z/WC;G
&e gie
/#d"d"d
d1?&(+m
]k~N:r
/SWgJ>
&o$WVbc
!.K|}&s
Cg!rC\{
iFzER
3Z/OM4G5
WsB'd)
b<_:U)
Qj*j++
Rd.IK?
/)D:j
*o)$kW
*g`YZnO3+
zAJD`Z:
SfjPM?
g"Wr`L
Q6bE's
cPpFffj
/i}^[j
`&h*bj
J8}d8:.,#V
0dd#l@
Y]C|Q2>
G5P-(r
gV\V[I
TZTiFy
A56"$(n
e-G(Ny
i)nJrn
^2V{OV!Dy
7Swn2!
,o(s1o
?_}N|o
};"ek>
&f{O"
m/"Jx
@$p-m0
sW/Q;qp
S[9m7,1g
J}i{AD
fW7L]Bw
[1R.t3
&3KVfP
Qf)!jb
uyq0.(
042}'R
2 'f+r
j/.JEZ
v"d .-
;:e#bd
B2vR\M/
o{7J&i
n,"dAM
bd>wz<o
jMU\{v
u\{D|d
Y6{@,I
m*}rgsvhi
!n59jc
,*CH =}m,Rk
.,!/!r
(l)e!m
rbG3\.
*d;072=
v4ragf`
.dF.J'
Tdj~se
` 65g*f-
|dM\0,
i^&y=
A>kROw?
&Ng&8S
.Nv_)f$
d2v)ma
o%/'%<9
/f0Ga^
'&`=,un
owb'Vz
r?u;i;
\P;km{$~
vh#,GH3
#&"'#4j
"d&(",
[WL\/
x9Kh a
.JNa-`%'
q$>SO"
Mudww}d
u[F1cP
pOBGN[
PboXUb
KQ}s&g/
b]'h6^
Nuu-`<h
h!'*pU\
5"f@H&
=(]S-Q
XZ;8YZi
OCWe[Dc
.7YyxM
}JW)NDd(}
%`|6wW
/h* )j$
R~9[}
~9=(lgk
;v'%j+dj7:g
z4$*$!
n`5:o+e
rZ9{wy
URl-3>
R0G Wb
F[o-YdhWZ
*d869JcM
+O^9LR
zN>Zz6
lkkN`G
<-S^ai
l!R{J5T
(`={#g
/k,*lc
k:f<U7
%t*3jm
G).dUb
|,"`"G
/JvQK5
i"/he"
rrr3!,
TLz?j/
(yHMW.
uDhgW[
=d&4dp5b
VR_[liF
`h+:,&
&/vxe`a
oh=0!.
*NpE3!
m1p!jS
)mp_G&`
P(dHTz
#kgc&ff
jm(gg|9
+XR$-\
~s){-
5nsTI
>R^2Wy
zH*>QM
2.S]mb
/#*e,S
^_x=:
2FY-"'
bhh?W^
~lvw*mPE
v8E#."
*UZ#-+a
`u},i`'!
SOr?Sc
J;IGKf
bj*l!
jB2?'COb
G+YCPQ
gbdlKI
Ua^^z'
$h/Jbb
{/j?$v?
z;&g`3KED
LMFit@
H!6]9dl
"bG'^5
!d<z"j
i%63l,bn
`*l#m!
D+U]\M
p|#kUO
TIeGMmV
k*djmJ
]*e9'{e
*J@rvfKI
<1ge,B
y>iNc{
^jN~1h
y6z7d;
.`+#h
j=z1wy
,;~=PC
RCP,ci
tNlb Wc
bbwMMi
rK'|5l(
z</am
*bx;}x^M#
d l*t2
]sG(jc
#^35XN
)fgj+/
9<dn)zq
()ja%.hb
ui,o16
i.dBNr7
jG'O:&3
L|R0G'
^6h'a"d4
e<J-Xu
&"fKC&l
q9/om,y0
e<?'#'
5!y6$a7
X!RU(N
sj&aa'S
w%k$ d
a1RR18{
7`*!',"-
wVnUT
kh!/&(`G
BWSUy/
+%d24bd.
.L&(r|
&g,9 ;
a"l+e+m
`:IW'W'o
bn'%)a
&faQRb
$#}$Qo&
.",* )
$$2t&`
p9a,oYY
#m1w+m
-bgr?O
A/j4\>
r"r09~U
'",86!
+"Q5e!;~
ilS[;8
7=`* fj
tYDjP
Cq\hh[
@YDZeh
TUMydND
V_B2X6x
v@Dbr\
T3[G\Q|
g7|(c@
/*)#RUv
T CmuI=
\W$/*v0={
oeYa8
Cgs6"cr3
o6y-b(^
lOb/2X
<GvQoH
]PHEM L
3Cm=:%
iP@{i5\
TXn .e
S4fb'"
7)M@fS\
dli/i/
oqtjnv
n,]lpA
6O!d6Ab
F$"lgk
[S,$+g
,'ne2?
X|FAFq
a+m79!
)fY]P_hG
$LM.,ii
&d ^c.
g=X;^=X
_{=r5B
Zy}g`z
;'BF'j
jXjW'4
hl&g-T
7#m+u(
;y4svN
!r*)'bny
H5".CW6
$YTmBO
9I.65
m2t+5X
jXjXT'+,#
/XTAIm
W-uYG"l/ck|
^(&-',)#
i%PXjIY
}N$b5c
yC2c6lW
j,4r"d/!
d"k,,5
q/%=U>
6h+}ya
g4<bd;<
S_mh9n
k:i3M(
3Hjk-x
Li;~+\
%"g,(o
,e#, d
ASWe"(
e)#&,'(
Kghzug
dK."nlk
THJNiU
o;k5:*
^J1FJE
eI]Kpu
YTAgN
>9 BVe1&z
"a?TBb.
w9m&Qy
$=9!*'
-e'! N
{M`QZi
:l)GH.4:
*^`Gmi7
xA`Mi]
yeK]seO
r!aw:j
eIBOi$!
-?VN!(V
P/i 9G
!m&zb?'
,!m/i"
e,<%*7
gl(,k#.
.->7M
n2YWE*
QbUL.@
8FCbgC
g0[$vY
5a>3f&{
Li+,e-+
_d-!)-
=(T 6s
c,~w+d
hF/K/h
B?i+c2
d8~YF3
G!]<).
.iwRkOM
.{b:&#b
FC'`U7L5z84m
2'<^oP
#m5s#e.,
)'n(8.n
`&)c&KE,h
i7QE:8+
h?4.F_
/KE,j^
~V<`!TYuP
"*~vCo
Um#e+m
ji$"*hL
1Dc@zH
Tf+m",-
c&@lq[&.
bd(b*j
XgA+>k
T]&fc)
hN8|3M
F(da%h
(n]\Yu
`0:&6p
g,cj,"
(&vp)n
CJ.b)`
J^$6Dw
h9e+yu+
O-`#n
|g,44-
+dHH-b
V4!d1c
e0$ e1
D3/?fC<<
EP]KON
<li]M,
/@F#NbS4
fYT#k
z0Yk%A
d).h$Q
}`U=&%+
YR)#$/i
~d8~"d
Xc,m!g
kY@M]{
cQp$ll
A-O` U
ZKduQR
"$/9zl
H<>/!g
,Uz*/d/
0&i'}3
* $"gi
Oh"DB.
;c'(b/
r2X~H+o
(e!/!d
G&bO/ne
`oik+
{]Lj'o&
bbK/fvS
/ge,G{
~`EdquO
C5f$?:
ghejg
#l*(/#
rKXryS
`r@Nyww
*ogCo+
d;5`lw1~
J"f@lq[
#m(nY"
X~V<`!T
!",&(
W0^B0m
c] $3>@
-l.`xL
\%/MG b
^,s*x!5|
myqfig
]'B0M?
?7QHvj
hAAGe,
DBBg#?Z
*bVqhm
.MtG{\
NwH}h.$."
$AG:@vDv
MLb.'*
p2"8or'
bf+/e n#
!.COmaKC
iS^gH
S,-$|_r%
*`. !e+j
/c+'\q8!
R("$/u;
a&FN68
XMTUwe
$i /*
?4X&#d/
#*F&a/iS
Zdtck
hQ2(IYc
TB?j4Y
M+D#f".
-KH/f."
HOdtz
y:}?FDh
t5NC?E
$`\KZf6;pd
}H)]sFYwq
F~xql|
|Q$Hr_Tbp
1aEFOg/6eeD
$e2rH'
8{OJ|N
sr?x7Gb
mepn4/B3
2L*FEN
LXV8>5T
.2}sY0
oSkPX
U@_=%w
qwYtw$G
UGx0>7a
/)7p!'
6("}8&
:o*UN-
r$yQP?
|JOx'?/
o$9prMh
6L1,41
{Bh6y]
8<=T?t
WZGydZ
o@<5NCz
Ym;_`V
Bt$V:V
jF~Wom:
CRJ[C*
B9-VBj
0Vz'wT
LH7)Vz
ZZ_W+7
I~4olN+gK
{rRC&1
1#sZm^g
rV]O`d
pkw1h3
`V iUD3
iU#8jh4
TTSh$
P4G*W>
@nw9:4603
GzW*J7MH
jtyg>3
j![ ZU
~gm`^
ulsi6v
+&i%kV
Sha)S<
b{%2_X
p\kDsO
T@i,{
<C@OLC
n.R5+R
M(6 V}J
t&w,)n
a/w:cO
G&B#@%
$W4E&R
d&(ko/
<4kjMU!
ckj&VY
Dld)"ob
6m16fg
7l1jh2
g1?he0?
FN-=>"
zo%(gm9
of*%`)
N"O,A"
l""+`i6
,k#]<G
g11fe@O
uZGezX6
h5x&#o
uzfqDSg
ejEJfG
5H<Chw
l"~1a(Q
Q&*gL
B~GS|hV.
nGSqf^L{
S~}LRw
41ui77
\i3>obO
FSBo[~
!This program cannot be run in DOS mode.
`.rsrc
api-ms-win-core-string-l1-1-0.pdb
.rdata
.rdata$zzzdbg
.edata
.rsrc$01
.rsrc$02
api-ms-win-core-string-l1-1-0.dll
CompareStringEx
kernel32.CompareStringEx
CompareStringOrdinal
kernel32.CompareStringOrdinal
CompareStringW
kernel32.CompareStringW
FoldStringW
kernel32.FoldStringW
GetStringTypeExW
kernel32.GetStringTypeExW
GetStringTypeW
kernel32.GetStringTypeW
MultiByteToWideChar
kernel32.MultiByteToWideChar
WideCharToMultiByte
kernel32.WideCharToMultiByte
Washington1
Redmond1
Microsoft Corporation1!0
Microsoft Time-Stamp PCA0
160330192128Z
170630192128Z0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:98FD-C61E-E6411%0#
Microsoft Time-Stamp Service0
Chttp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X
<http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Code Signing PCA0
150604174245Z
160904174245Z0
Washington1
Redmond1
Microsoft Corporation1
Microsoft Corporation0
MOPR1301
*31595+04079350-16fa-4c60-b6bf-9d2b1cd059840
Ehttp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl0Z
>http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt0
microsoft1-0+
$Microsoft Root Certificate Authority0
100831221932Z
200831222932Z0y1
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Code Signing PCA0
?http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
8http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0
`Ge`@N
microsoft1-0+
$Microsoft Root Certificate Authority0
070403125309Z
210403130309Z0w1
Washington1
Redmond1
Microsoft Corporation1!0
Microsoft Time-Stamp PCA0
microsoft1-0+
$Microsoft Root Certificate Authority
?http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
8http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0
1Jv1=+r
L&*H$_Z
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Code Signing PCA
http://www.microsoft.com/windows0
+cdUCu%
Washington1
Redmond1
Microsoft Corporation1!0
Microsoft Time-Stamp PCA
160728150033Z0#
Washington1
Redmond1
Microsoft Corporation1(0&
Microsoft Code Signing PCA 20100
151028203124Z
170128203124Z0
Washington1
Redmond1
Microsoft Corporation1
Microsoft Corporation0
MOPR1301
*38076+ad58a381-3343-4dd7-8833-0de83d41f5f00
Ehttp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_2010-07-06.crl0Z
>http://www.microsoft.com/pki/certs/MicCodSigPCA_2010-07-06.crt0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
100706204017Z
250706205017Z0~1
Washington1
Redmond1
Microsoft Corporation1(0&
Microsoft Code Signing PCA 20100
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
1http://www.microsoft.com/PKI/docs/CPS/default.htm0@
#Vx"&6
7Z>@B1
Washington1
Redmond1
Microsoft Corporation1(0&
Microsoft Code Signing PCA 2010
http://www.microsoft.com/windows0
20160728150037.752Z0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:7AFA-E41C-E1421%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
100701213655Z
250701214655Z0|1
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
$`2X`F
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
1http://www.microsoft.com/PKI/docs/CPS/default.htm0@
oK0D$"<
r~akow
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
160330192423Z
170630192423Z0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:7AFA-E41C-E1421%0#
Microsoft Time-Stamp Service0
H1LzaG}
Ehttp://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z
>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:7AFA-E41C-E1421%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher NTS ESN:4DE9-0C5E-3E091+0)
"Microsoft Time Source Master Clock0
20160728045733Z
20160729045733Z0v0<
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
URPQQh
;t$,v-
UQPXY]Y[
WWWPWS
u-PWWS
SSVWh
f9:t!V
PPPPPPPP
PPPPPWS
PP9E u:PPVWP
QQSWj0j@
Unknown exception
bad allocation
bad array new length
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__swift_1
__swift_2
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
operator co_await
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
CorExitProcess
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
GetCurrentPackageId
InitializeCriticalSectionEx
LCMapStringEx
LocaleNameToLCID
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
?5Wg4p
%S#[k=
"B <1=
_hypot
_nextafter
kernel32
.text$mn
.idata$5
.00cfg
.CRT$XCA
.CRT$XCZ
.CRT$XIA
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.edata
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.rsrc$01
.rsrc$02
sql.dll
ReadFile
CreateFileW
LoadLibraryA
CloseHandle
GetProcAddress
KERNEL32.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RaiseException
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapAlloc
LCMapStringW
HeapFree
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
DecodePointer
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
.?AVtype_info@@
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
</assembly>
464;4H4
5W5i5#6`6z6
7$7+72797A7I7Q7]7f7k7q7{7
8%828H8
==$=7=Q=n=
(010:0H0Q0b0
4%515N6U6{6
7(767<7W7
8%8E8S8Z8`8u8
939\9d9
:&:0:<:A:F:a:k:w:|:
;+;=;I;S;X;l;u;
5+6064686<6
</<F<M<Y<l<q<}<
==g=y=
=;>E>K>Q>
01161\2t2
525E5x5
8.949Q9
:M:I;];
<.=?=Z=f=w=
>">3>I>Q>
?%?G?Y?d?i?n?
050?0[0f0k0p0
1!1&1+1^1
2!2,2@2E2J2l2z2
4,4\4y4
4 5S5f5
:1;@;R;d;
<5<D<N<[<e<u<
= =2?_?
23383>3C3
717X7v7
8 8a8n8{8
;;<E<h<r<
=1=H=k=
1@1V1w1
>V>e>s>
2-242J2`2m2r2
3!333E3W3i3{3
8>8I8Y8
9&9<9F9e9
0'040d0
4Y4a4i4q4y4
5!5-595Y5
=.=S=_=k=~=
=%>1>=>I>\>
1s1y1~1
60:3;D;
=&>+>=>[>o>u>
1 1$1014181T1X1\1`1d1|1
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
< <$<(<,<0<4<8<<<
`3d3h3l3
7 7$7(7,7074787<7@7D7H7L7P7T7X7\7`7d7h7l7p7t7x7|7
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8l>t>|>
?$?,?4?<?D?L?T?\?d?l?t?|?
0$0,040<0D0L0T0\0d0l0t0|0
1$1,141<1D1L1T1\1d1l1t1|1
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
0 0(00080@0H0P0X0`0h0p0x0
1 1(10181@1H1P1X1`1h1p1x1
2 2(20282@2H2P2X2`2h2p2x2
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5p5x5
6 6(60686@6H6P6X6`6h6p6x6
0<:D:L:T:\:d:l:t:|:
;D<H<X<\<d<|<
=(=,=<=@=H=`=
00P0l0p0
1 1<1@1`1
2(2H2h2
3(3H3h3t3
7 7$7074787<7@7D7H7L7p7
"%s",%s
((((( H
VS_VERSION_INFO
StringFileInfo
080904b0
CompanyName
RealVNC Ltd
FileDescription
Viewer
FileVersion
6.21.406 (r44671)
InternalName
vncviewer
LegalCopyright
Copyright
2002-2020 RealVNC Ltd.
LegalTrademarks
RealVNC and VNC are trademarks of RealVNC Ltd and are protected by trademark registrations and/or pending trademark applications in the European Union, United States of America and other jurisdictions.
OriginalFilename
vncviewer.exe
ProductName
ProductVersion
6.21.406 (r44671)
ProgramName
Viewer
VarFileInfo
Translation
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
ApiSet Stub DLL
FileVersion
10.0.14393.33 (rs1_release_sec.160727-1952)
InternalName
apisetstub
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
apisetstub
ProductName
Microsoft
Windows
Operating System
ProductVersion
10.0.14393.33
VarFileInfo
Translation
"Microsoft Window
Legal_Policy_Statement
"Microsoft Window
Legal_Policy_Statement
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
ApiSet Stub DLL
FileVersion
10.0.14393.33 (rs1_release_sec.160727-1952)
InternalName
apisetstub
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
apisetstub
ProductName
Microsoft
Windows
Operating System
ProductVersion
10.0.14393.33
VarFileInfo
Translation
"Microsoft Window
Legal_Policy_Statement
"Microsoft Window
Legal_Policy_Statement
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-synch-l1-2-0
kernel32
api-ms-
ext-ms-
mscoree.dll
api-ms-win-appmodel-runtime-l1-1-1
api-ms-win-core-datetime-l1-1-1
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-file-l2-1-1
api-ms-win-core-localization-l1-2-1
api-ms-win-core-localization-obsolete-l1-2-0
api-ms-win-core-processthreads-l1-1-2
api-ms-win-core-string-l1-1-0
api-ms-win-core-synch-l1-2-0
api-ms-win-core-sysinfo-l1-2-1
api-ms-win-core-winrt-l1-1-0
api-ms-win-core-xstate-l2-1-0
api-ms-win-rtcore-ntuser-window-l1-1-0
api-ms-win-security-systemfunctions-l1-1-0
ext-ms-win-kernel32-package-current-l1-1-0
ext-ms-win-ntuser-dialogbox-l1-1-0
ext-ms-win-ntuser-windowstation-l1-1-0
advapi32
kernel32
user32
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
((((( H
zh-CHS
az-AZ-Latn
uz-UZ-Latn
kok-IN
syr-SY
div-MV
quz-BO
sr-SP-Latn
az-AZ-Cyrl
uz-UZ-Cyrl
quz-EC
sr-SP-Cyrl
quz-PE
smj-NO
bs-BA-Latn
smj-SE
sr-BA-Latn
sma-NO
sr-BA-Cyrl
sma-SE
sms-FI
smn-FI
zh-CHT
az-az-cyrl
az-az-latn
bs-ba-latn
div-mv
kok-in
quz-bo
quz-ec
quz-pe
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
syr-sy
uz-uz-cyrl
uz-uz-latn
zh-chs
zh-cht
CONOUT$
VS_VERSION_INFO
StringFileInfo
040904b0
CompanyName
SQLite Development Team
FileDescription
SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine.
FileVersion
3.15.0
InternalName
sqlite3
LegalCopyright
http://www.sqlite.org/copyright.html
ProductName
SQLite
ProductVersion
3.15.0
SourceId
2016-10-14 10:20:30 707875582fcba352b4906a595ad89198d84711d8
VarFileInfo
Translation
api-ms-win-core-namedpipe-l1-1-0.dll
axhub.dat
api-ms-win-core-string-l1-1-0.dll
axhub.dll
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.Crypt.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.37263539
FireEye Trojan.GenericKD.37263539
CAT-QuickHeal Trojan.Agent
ALYac Trojan.GenericKD.37263539
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Clean
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Trojan.GenericKD.37263539
K7GW Trojan ( 0057f23b1 )
K7AntiVirus Trojan ( 0057f23b1 )
BitDefenderTheta Clean
Cyren W32/Trojan.VJVU-7820
ESET-NOD32 a variant of Win32/Kryptik.HLQQ
Baidu Clean
APEX Malicious
Paloalto generic.ml
ClamAV Win.Packed.Zusy-9878432-0
Kaspersky HEUR:Trojan.Win32.Crypt.gen
Alibaba Trojan:Win32/Kryptik.54869754
NANO-Antivirus Trojan.Win32.Inject4.ixgvgd
ViRobot Trojan.Win32.Z.Crypt.729724.C
Tencent Malware.Win32.Gencirc.10ce6651
Ad-Aware Trojan.GenericKD.37263539
TACHYON Trojan/W32.Crypt.729724
Emsisoft Trojan.Crypt (A)
Comodo Malware@#2fm7k45x1wj9i
F-Secure Clean
DrWeb Trojan.Inject4.13781
Zillya Trojan.Kryptik.Win32.3399235
TrendMicro TROJ_GEN.R002C0PH221
McAfee-GW-Edition GenericRXPL-AM!ADFE31C40569
CMC Clean
Sophos Mal/Generic-S
Ikarus Trojan.Win32.Crypt
GData Win32.Trojan.PSE.13QHYFZ
Jiangmin Trojan.Crypt.fma
Webroot W32.Trojan.Gen
Avira TR/AD.Downloader.jqeqy
Antiy-AVL Trojan/Generic.ASMalwS.340C0ED
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Trojan.Win32.Gen.oa!s1
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Multiverze
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.R431137
Acronis Clean
McAfee GenericRXPL-AM!ADFE31C40569
MAX malware (ai score=88)
VBA32 Trojan.Inject
Malwarebytes Trojan.Crypt
Panda Trj/Genetic.gen
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0PH221
Rising Clean
Yandex Clean
SentinelOne Clean
eGambit Clean
Fortinet PossibleThreat.MU
AVG Win32:MalwareX-gen [Trj]
Avast Win32:MalwareX-gen [Trj]
No IRMA results available.